[Pkg-mediawiki-devel] Bug#550940: Mediawiki settings file world-readable
nion at debian.org
Mon Jul 4 21:35:29 UTC 2011
* Ian Jackson <ijackson at chiark.greenend.org.uk> [2011-07-04 13:00]:
> Hi, security guys. Would you care to take a look at #550940 ?
> I think this is the kind of security problem which should perhaps
> warrant a DSA.
> The maintainer's response (that this is fixed in a new upstream
> version and therefore wouldn't be fixed in squeeze) seems
> very surprising to me.
I don't have a test installation around now to verify this. Can someone verify
if the default permissions on squeeze/lenny might be 666 as well?
If yes, this should get a DSA.
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 198 bytes
Desc: not available
More information about the Pkg-mediawiki-devel